Why we made this change

Visitors are allowed 3 free articles per month (without a subscription), and private browsing prevents us from counting how many stories you've read. We hope you understand, and consider subscribing for unlimited online access.

Watch the ATM Hacker At Work

See hacker Barnaby Jack, who died last week, trick an ATM into spewing out all its cash

July 29, 2013

Hacker and computer security researcher Barnaby Jack died last week. I was lucky enough to meet him in 2010 to film footage for the video below explaining his most famous hack, which made ATMs spit out money like jackpotting slot machines. The demonstration took place in Jack’s home at the time, in San Jose. When he opened the door I saw the man himself, friendly and laid back, and the two ATMs he had installed in his kitchen.

Jack was widely known and liked amongst hackers and security researchers as an impressive technical talent who also knew how to have a good time. Among the many online postings in Jack’s memory last Friday was a tweet from researcher Dan Kaminsky, showing Jack attempting to hack an ATM that dispenses gold bars in an Abu Dhabi hotel. Although the attempt was made with permission of the hotel’s owners, it was abruptly cancelled before he could extract any gold.

Jack’s ATM hack provides a good example of how “white hat” hackers like him operate and advance computer security, despite often being misunderstood. Jack may have relished testing and perhaps breaking rules, and enjoyed putting on showy demonstrations of hacks that could be used in very dangerous or criminal ways. But he was careful to cause no lasting damage worse than the acute embarrassment felt by the people and companies who had designed the technology he bent to his will.

This inside account of how Jack worked with one ATM company to fix its flaws before his headline-grabbing demonstration in 2010 gives an nice insight into the well-known side of his style of working. It’s clear that those at the company would have preferred for the demonstration to have not taken place, but they recognized their problem and welcomed Jack’s help to fix it. The ATM company’s engineer (who coined the term “jackpotting” that Jack adopted to describe money-spewing ATMs) sums it up like this:

“Barnaby got his 15 megabytes of fame, and we improved the security of our product, which I guess is how this ruthless Darwinian process is supposed to work.”

More recently, Jack had focused his attentions to medical devices, inspired by Kevin Fu, an academic researcher MIT Technology Reviewrecognized as a TR35 in 2009 for work on implanted pacemakers and defibrillators. Jack showed in 2011 that a common insulin pump could be wirelessly made to deliver a lethal dose, and then himself turned to pacemakers and defibrillators. He was due to give demonstrations of hacks on heart implants at the Black Hat security conference in Las Vegas this week. Reuters reports that he was to show that one model of pacemaker could be made to deliver a lethal shock to the person it is implanted into from 30 feet away.

In February this year, Jack wrote a detailed analysis of an episode of the TV show Homeland in which the U.S. vice president is killed by an attack on his pacemaker. It was a twist some viewers found hard to believe, but Jack had no such trouble. “In my professional opinion,” he wrote, “the episode was not too far off the mark.”

Share

I’m MIT Technology Review’s San Francisco bureau chief and enjoy a diverse diet of algorithms, Internet, and human-computer interaction with chips on the side. I lead our coverage of new ideas from Silicon Valley, whether they spring from tech… More giants, new startups, or academic labs.

My journey to the West Coast started in a small English market town and took in the University of Cambridge, Imperial College London, and five years writing and editing technology news coverage at New Scientist magazine.

You've read
of three
free articles this month.
Subscribe now for unlimited online access.
You've read
of three
free articles this month.
Subscribe now for unlimited online access.
This is your last free article this month.
Subscribe now for unlimited online access.
You've read all your free articles this month.
Subscribe now for unlimited online access.
You've read
of three
free articles this month.
Log in for more, or subscribe now for unlimited online access.
Log in for two more free articles, or subscribe now
for unlimited online access.